﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Text;
using System.Data;
using System.Data.SqlClient;
using System.Configuration;

namespace FYPDemo
{
    public class SecurityManagement
    {

        public static DataTable listSecurityQuestion()
        {
            SqlDataAdapter da = new SqlDataAdapter();
            DataTable dt = new DataTable();

            conndb db = new conndb();
            SqlConnection con = db.GetOpenConnection();
            SqlCommand cmd = con.CreateCommand();

            

            try
            {
                cmd.CommandText = "listSecurityQuestion";
                cmd.CommandType = CommandType.StoredProcedure;

                da.SelectCommand = cmd;
                da.Fill(dt);

            }

            catch (Exception ex)
            {
                con.Close();
                throw ex;
            }

            finally
            {
                con.Close();
            }

            return dt;
        }

        public static DataTable validateResetPassword(string member, string email, int securityQ, string answer)
        {
            SqlDataAdapter da = new SqlDataAdapter();
            DataTable dt = new DataTable();

            conndb db = new conndb();
            SqlConnection con = db.GetOpenConnection();
            SqlCommand cmd = con.CreateCommand();            

            try
            {
                cmd.CommandText = "validateResetPassword";
                cmd.CommandType = CommandType.StoredProcedure;

                cmd.Parameters.Add(new SqlParameter("@Member", SqlDbType.VarChar, 50));
                cmd.Parameters["@Member"].Value = member;

                cmd.Parameters.Add(new SqlParameter("@Email", SqlDbType.VarChar, 50));
                cmd.Parameters["@Email"].Value = email;

                cmd.Parameters.Add(new SqlParameter("@SecurityQuestion", SqlDbType.Int));
                cmd.Parameters["@SecurityQuestion"].Value = securityQ;

                cmd.Parameters.Add(new SqlParameter("@Answer", SqlDbType.VarChar, 50));
                cmd.Parameters["@Answer"].Value = answer;

                da.SelectCommand = cmd;
                da.Fill(dt);
            }

            catch (Exception ex)
            {
                con.Close();
                throw ex;
            }

            finally
            {
                con.Close();
            }

            return dt;
        }

        public static int ResetPassword(string member, string email, string password)
        {
            int result = 0;
            conndb db = new conndb();
            SqlConnection con = db.GetOpenConnection();
            SqlCommand cmd = con.CreateCommand();           

            try
            {
                cmd.CommandText = "ResetPassword";
                cmd.CommandType = CommandType.StoredProcedure;

                cmd.Parameters.Add(new SqlParameter("@Member", SqlDbType.VarChar, 50));
                cmd.Parameters["@Member"].Value = member;

                cmd.Parameters.Add(new SqlParameter("@Password", SqlDbType.VarChar, 50));
                cmd.Parameters["@Password"].Value = password;

                result = cmd.ExecuteNonQuery();

            }

            catch (Exception ex)
            {
                con.Close();
                throw ex;
            }

            finally
            {
                con.Close();
            }

            return result;

        }

        private static Random _rng = new Random();
        private const string _chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";

        public static string RandomString1()
        {
            char[] buffer = new char[3];

            for (int i = 0; i < 3; i++)
            {
                buffer[i] = _chars[_rng.Next(_chars.Length)];
            }
            return new string(buffer);
        }

        private static Random random = new Random((int)DateTime.Now.Ticks);//thanks to McAden
        public static string RandomString2()
        {
            StringBuilder builder = new StringBuilder();
            int ch;
            for (int i = 0; i < 4; i++)
            {
                ch = Convert.ToInt32(random.Next(0, 9));
                builder.Append(ch);
            }

            return builder.ToString();
        }

        public static int validateMember(string username, string password)
        {
            int role = 0;

            SqlDataAdapter da = new SqlDataAdapter();
            DataTable dt = new DataTable();

            conndb db = new conndb();
            SqlConnection con = db.GetOpenConnection();
            SqlCommand cmd = con.CreateCommand();


            try
            {
                cmd.CommandText = "validateMember";
                cmd.CommandType = CommandType.StoredProcedure;

                cmd.Parameters.Add(new SqlParameter("@Username", SqlDbType.VarChar, 50));
                cmd.Parameters["@Username"].Value = username;

                cmd.Parameters.Add(new SqlParameter("@Password", SqlDbType.VarChar, 50));
                cmd.Parameters["@Password"].Value = password;

                da.SelectCommand = cmd;
                da.Fill(dt);

                if (dt.Rows.Count > 0)
                {
                    role = Convert.ToInt32(dt.Rows[0][0]);
                }
            }

            catch (Exception ex)
            {
                con.Close();
                throw ex;
            }

            finally
            {
                con.Close();
            }


            return role;
        }
    }
}